CaseyJ000

Members
  • Content count

    57
  • Joined

  • Last visited

About CaseyJ000

  • Rank
    Regular Member
  1. So I was looking for the unhidden HP programs but I don't see them running. I guess it's "this" in the report. Stopped but marked Hidden again. fixlist content: ***************** Start CloseProcesses: hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
  2. Thanks! (I looked at the registry and there were many listings for HP scanning and imaging, but also every uninstalled program. Is there a good way to eliminate the unneeded ones?) Fixlog.txt
  3. I see several things I'm wondering about. When the computer started blue screening the HP Scanner stopped scanning. I tried to reinstall the drivers and that didn't work. I uninstalled it and nothing from HP shows up on Add/Remove programs . However some HP programs are running, marked "hidden" on the Addition.txt report. I would like to Uninstall them. report says: "(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually." ___________________________________ I'm started getting this type of screen on Firefox ( attached) on many "https:" sites. I did a reverse image search and it said it could be a malware takeover of Firefox. https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware I turned Eset off for a second and was able to open FB. The Eset is fairly recently updated. I did a reverse image search and it says where to adjust Eset to allow https. That didn't work so I'm not using Firefox right now. Using Internet explorer instead. The Firefox website recommended trying a bunch of other Anti malware programs ______________________________ I see a bunch of files marked "GWXTriggers\Time-5d -> No File <==== ATTENTION"____ I can uninstall GWX control panel if that will help. MacDrive which I don't use much has an error--"Faulting application start time: 0xMacDrive.exe0" --I can uninstall that if needed still have a lot of these errors--Error: (08/26/2016 08:47:29 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3.---- I've read several websites and still can't really understand how to figure out what is attached to Port 3 I noticed during Combo fix. a file marked autorun for backup hard drive F was deleted. That's probably good as I've noticed slowdowns and crashes when attaching usb drives. In general though the computer is starting up faster, and if I turn off all programs I can attach a USB drive without the computer crashing. I do have to wait until each folder opens and displays all contents before moving files. There is still a lag but not as bad.
  4. FRST.txt Addition.txt
  5. Here you go. ComboFix.txt
  6. AdwCleaner[C2].txt JRT.txt
  7. Yes I tried System Restore but after the first attempt, those earlier stored versions vanished. I am trying here because I'm not sure if GWX Control Panel, CCleaner or Acronis or some other program could be causing my problems as there may be aspects of those programs considered Malware, as they might be trying to update. I've attempted to find info on the Windows sites and tried several things. This is the best site I've used for help in analyzing computer problems. If you can point me to a more appropriate forum that would be good.
  8. System has been lagging since Acronis Backup crash. Acronis overloaded my backup drive then Blue screens started. Uninstalled it, Seem to be a lot of errors involving ports and slow downs or crashes when USB is attached. Thanks! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01 Ran by jim (administrator) on JIM-PC (21-08-2016 13:25:28) Running from C:\Users\jim\Desktop Loaded Profiles: jim (Available Profiles: jim) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\vds.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe (UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [MacDrive 9 application] => C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [507904 2012-05-31] (Mediafour Corporation) HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard) HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\jim\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [MacDriveVolumeIcon] -> {6B21AF46-EE37-40D0-A707-C06C17D06CE9} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation) ShellIconOverlayIdentifiers: [MacDriveVolumeIconReadOnly] -> {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A113AB99-F70E-4FB5-AF18-2772DF1F67AA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab FireFox: ======== FF ProfilePath: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\jt9saoui.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems) FF Plugin HKU\S-1-5-21-1586447121-1290467794-2333047351-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-31] (Citrix Online) FF Plugin HKU\S-1-5-21-1586447121-1290467794-2333047351-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File] FF Extension: Adblock Plus - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\jt9saoui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2541192 2016-06-23] (ESET) R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [178176 2012-05-21] (Mediafour Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-21] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [317136 2012-06-06] (Mediafour Corporation) R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-05] (Mediafour Corporation) R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [187120 2012-06-11] (Mediafour Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC) S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] () R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare) S3 NPF; system32\drivers\NPF.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-21 13:25 - 2016-08-21 13:25 - 00011019 _____ C:\Users\jim\Desktop\FRST.txt 2016-08-21 13:25 - 2016-08-21 13:25 - 00000000 ____D C:\FRST 2016-08-21 13:24 - 2016-08-21 13:24 - 02396672 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe 2016-08-21 12:44 - 2016-08-21 12:44 - 00003304 ____N C:\bootsqm.dat 2016-08-21 12:23 - 2016-08-21 12:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-08-21 12:23 - 2016-08-21 12:23 - 00000000 ___SD C:\Windows\system32\GWX 2016-08-21 07:47 - 2016-08-21 07:47 - 00000000 ____D C:\Users\jim\AppData\Local\{1F5FFF03-FEF6-4350-B14E-5714856C2A5A} 2016-08-20 19:46 - 2016-08-20 19:46 - 00000000 ____D C:\Users\jim\AppData\Local\{C6C2D76F-A1A0-40C2-8EE3-BDCE18CD1865} 2016-08-20 07:45 - 2016-08-20 07:45 - 00000000 ____D C:\Users\jim\AppData\Local\{A2FDAE3F-7D55-44F9-A304-87508719DF99} 2016-08-19 19:44 - 2016-08-19 19:44 - 00000000 ____D C:\Users\jim\AppData\Local\{FCBBC8C1-F766-4FF8-948A-96A31092D900} 2016-08-19 07:43 - 2016-08-19 07:43 - 00000000 ____D C:\Users\jim\AppData\Local\{C3FDB404-2F7C-4592-8AA5-5FB38508FBE4} 2016-08-18 19:42 - 2016-08-18 19:42 - 00000000 ____D C:\Users\jim\AppData\Local\{C9BF3434-DEB9-4151-992B-E982CA0FF6DD} 2016-08-18 07:41 - 2016-08-18 07:42 - 00000000 ____D C:\Users\jim\AppData\Local\{533DFAD0-71CC-43BC-8427-7633622230D6} 2016-08-17 19:40 - 2016-08-17 19:41 - 00000000 ____D C:\Users\jim\AppData\Local\{FBFF54C2-3B63-409B-86AF-245FB01FFC05} 2016-08-17 06:55 - 2016-08-17 06:56 - 00000000 ____D C:\Users\jim\AppData\Local\{5FB0F507-0FE3-49B2-9433-3FD2B4B77309} 2016-08-16 19:08 - 2016-08-16 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2016-08-16 19:08 - 2016-08-16 19:08 - 00000000 ____D C:\ProgramData\ESET 2016-08-16 18:54 - 2016-08-16 18:54 - 00000000 ____D C:\Users\jim\AppData\Local\{C4CF3ACF-E454-40A4-B21B-FF01CD0AF5FD} 2016-08-15 20:02 - 2016-08-15 20:03 - 00000000 ____D C:\Users\jim\AppData\Local\{314B820B-F8A9-4C2D-A189-F75988142653} 2016-08-15 08:02 - 2016-08-15 08:02 - 00000000 ____D C:\Users\jim\AppData\Local\{D2939CF1-8FC8-4BEE-8368-FEFAD7D657D9} 2016-08-14 20:01 - 2016-08-14 20:01 - 00000000 ____D C:\Users\jim\AppData\Local\{106CB046-B14E-4FB4-B046-BE9556F80ADA} 2016-08-14 08:00 - 2016-08-14 08:01 - 00000000 ____D C:\Users\jim\AppData\Local\{75A881C5-C195-42D3-A921-5042D0212346} 2016-08-13 20:00 - 2016-08-13 20:00 - 00000000 ____D C:\Users\jim\AppData\Local\{7B2AA113-08FA-4DB1-8D98-DB99DB657F0F} 2016-08-13 07:59 - 2016-08-13 07:59 - 00000000 ____D C:\Users\jim\AppData\Local\{6F9F8B8F-AB9A-48B7-8D47-B2D8FD632670} 2016-08-12 19:58 - 2016-08-12 19:59 - 00000000 ____D C:\Users\jim\AppData\Local\{E02A9B5E-7AD8-41B9-8CA9-E9C13BB07DCB} 2016-08-12 07:58 - 2016-08-12 07:58 - 00000000 ____D C:\Users\jim\AppData\Local\{7FBF5C6E-A160-49AD-BED3-296E0BC80A16} 2016-08-11 19:58 - 2016-08-11 19:58 - 00000000 ____D C:\Users\jim\AppData\Local\{95C835C3-4CF3-431B-9535-637096B8D2D6} 2016-08-11 07:57 - 2016-08-11 07:57 - 00000000 ____D C:\Users\jim\AppData\Local\{5724C163-A255-4F5B-940A-5EE7F94655C3} 2016-08-10 19:55 - 2016-08-10 19:55 - 00000000 ____D C:\Users\jim\AppData\Local\{AC3641F6-0B5B-4800-A6C5-400CF9817E0D} 2016-08-10 07:14 - 2016-08-10 07:14 - 00000000 ____D C:\Users\jim\AppData\Local\{D2F7AAD6-192B-4A55-A64C-FBE3BD0E9AD5} 2016-08-09 19:13 - 2016-08-09 19:13 - 00000000 ____D C:\Users\jim\AppData\Local\{BD0674A5-0852-4DB0-A6D5-97E6123B4C28} 2016-08-08 20:07 - 2016-08-08 20:07 - 00000000 ____D C:\Users\jim\AppData\Local\{B78C6DA1-5066-4209-B425-0F8FDE3E6337} 2016-08-08 08:06 - 2016-08-08 08:06 - 00000000 ____D C:\Users\jim\AppData\Local\{6E6B1BF1-33CE-4570-984E-0333F0E8EA69} 2016-08-07 20:06 - 2016-08-07 20:06 - 00000000 ____D C:\Users\jim\AppData\Local\{04141E43-4325-4361-BF4A-201BEFA0551A} 2016-08-07 07:17 - 2016-08-07 07:17 - 00000000 ____D C:\Users\jim\AppData\Local\{0A16A081-44E6-4FDB-9483-4B018A5DAC62} 2016-08-06 19:16 - 2016-08-06 19:17 - 00000000 ____D C:\Users\jim\AppData\Local\{72ACF761-040D-48D4-8854-F977CE3DD977} 2016-08-06 07:16 - 2016-08-06 07:16 - 00000000 ____D C:\Users\jim\AppData\Local\{7C83590B-6326-437E-A3C2-42495BA29E45} 2016-08-05 20:42 - 2016-08-05 20:43 - 00000000 ____D C:\Users\jim\Desktop\Flushing 2016-08-05 08:09 - 2016-08-05 08:09 - 00000000 ____D C:\Users\jim\AppData\Local\{FDB333C3-2F45-4BA8-8342-F43E1A604C87} 2016-08-04 20:06 - 2016-08-04 20:06 - 00000000 ____D C:\Users\jim\AppData\Local\{D4A013E8-F4DA-42C5-8868-D3D7D3949B56} 2016-08-04 19:51 - 2016-08-04 19:51 - 00000000 ____D C:\Users\jim\AppData\Local\{CF5C9324-1C7D-4488-B7FA-706146A00893} 2016-08-04 07:50 - 2016-08-04 07:51 - 00000000 ____D C:\Users\jim\AppData\Local\{42323AC3-6E46-423E-A98D-82D42436CCE6} 2016-08-03 19:49 - 2016-08-03 19:50 - 00000000 ____D C:\Users\jim\AppData\Local\{E5EA61B3-08FC-4C7B-9D9D-F6AE7D34038D} 2016-08-03 07:49 - 2016-08-03 07:49 - 00000000 ____D C:\Users\jim\AppData\Local\{CF1D2587-BB46-495E-B1A4-7817F85164DA} 2016-08-02 19:49 - 2016-08-02 19:49 - 00000000 ____D C:\Users\jim\AppData\Local\{178BF956-7BD9-4453-97AA-F46A4B98274A} 2016-08-02 07:48 - 2016-08-02 07:48 - 00000000 ____D C:\Users\jim\AppData\Local\{5D902770-BA8B-48E4-B08D-EB79E7DA937E} 2016-08-01 19:48 - 2016-08-01 19:48 - 00000000 ____D C:\Users\jim\AppData\Local\{7A111C10-8B51-40A3-981B-4DE69EAC5EA4} 2016-07-31 21:45 - 2016-07-31 21:45 - 00000000 ____D C:\Users\jim\AppData\Local\{25D32E22-FE9B-49B0-BE1E-D70F57794A30} 2016-07-31 09:45 - 2016-07-31 09:45 - 00000000 ____D C:\Users\jim\AppData\Local\{2945DF24-9536-4D99-9173-D67088E19FBE} 2016-07-30 21:44 - 2016-07-30 21:44 - 00000000 ____D C:\Users\jim\AppData\Local\{764F2A4C-63C8-49D4-AD1B-98E0DE88ADDC} 2016-07-30 08:22 - 2016-07-30 08:23 - 00000000 ____D C:\Users\jim\Desktop\snips 2016-07-30 06:50 - 2016-07-30 06:50 - 00000000 ____D C:\Users\jim\AppData\Local\{A02F3D05-33DC-4B26-8668-A8E002885114} 2016-07-29 07:57 - 2016-07-29 07:57 - 00000000 ____D C:\Users\jim\AppData\Local\{9A876B88-6C33-43AB-A184-4D04A5BDEA41} 2016-07-28 19:57 - 2016-07-28 19:57 - 00000000 ____D C:\Users\jim\AppData\Local\{22DEC34B-38CD-4350-A6BD-1A217AE1AC41} 2016-07-28 07:56 - 2016-07-28 07:56 - 00000000 ____D C:\Users\jim\AppData\Local\{392BC865-2DA8-4F0C-B9BE-CF199EAAED4F} 2016-07-27 19:56 - 2016-07-27 19:56 - 00000000 ____D C:\Users\jim\AppData\Local\{30C268CC-C004-4D11-8496-50D918918809} 2016-07-27 07:56 - 2016-07-27 07:56 - 00000000 ____D C:\Users\jim\AppData\Local\{9E2247BA-2932-4917-96AB-AFFD852AF45C} 2016-07-26 19:54 - 2016-07-26 19:55 - 00000000 ____D C:\Users\jim\AppData\Local\{C953A175-5BB5-4B87-B3F8-DAB89ECF64F9} 2016-07-26 06:35 - 2016-07-26 06:35 - 00000000 ____D C:\Users\jim\AppData\Local\{4AEC2586-80E8-4068-A853-8285E7F5A46E} 2016-07-25 18:34 - 2016-07-25 18:34 - 00000000 ____D C:\Users\jim\AppData\Local\{0C433236-6003-476E-8994-015BCC17947E} 2016-07-24 20:49 - 2016-07-24 20:50 - 00000000 ____D C:\Users\jim\AppData\Local\{F2973C62-E2C6-4AC1-95B3-EF7612D26F1F} 2016-07-24 18:34 - 2016-08-21 11:52 - 00000000 ____D C:\Users\jim\Desktop\Z 2016-07-24 17:54 - 2016-07-24 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-07-24 08:48 - 2016-07-24 08:49 - 00000000 ____D C:\Users\jim\AppData\Local\{674B32E2-36F9-4D9F-9FB9-FC3C09ACC2ED} 2016-07-23 18:24 - 2016-07-23 18:24 - 00000000 ____D C:\Users\jim\AppData\Local\{3C1D34DB-7C7D-4CA3-95A1-E5FAE83CC90E} 2016-07-23 11:32 - 2016-07-24 11:14 - 00000000 ____D C:\Users\jim\Desktop\New folder (2) 2016-07-23 10:39 - 2016-07-23 12:02 - 00000000 ____D C:\AdwCleaner 2016-07-23 06:24 - 2016-07-23 06:24 - 00000000 ____D C:\Users\jim\AppData\Local\{0A406A15-40F6-4FE4-AF9D-2D04A358EA91} 2016-07-22 18:23 - 2016-07-22 18:23 - 00000000 ____D C:\Users\jim\AppData\Local\{9FF65C46-5B20-47D0-B614-FADB077EC357} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-21 13:09 - 2013-02-12 09:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-21 13:01 - 2012-03-19 22:59 - 00000000 ____D C:\installers 2016-08-21 12:59 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-21 12:59 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-21 12:52 - 2014-04-09 20:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-21 12:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-21 12:11 - 2015-11-29 11:32 - 00000000 ____D C:\Users\jim\Desktop\HardDriveFailure2015 2016-08-21 12:01 - 2013-05-27 20:02 - 00000000 ____D C:\Users\jim\AppData\LocalLow\Temp 2016-08-21 11:59 - 2015-10-03 20:59 - 00000000 ____D C:\Users\jim\Desktop\desktop Wordpads 2016-08-21 11:58 - 2016-05-31 08:11 - 00000000 ____D C:\Users\jim\Desktop\acronisProblems 2016-08-21 11:49 - 2012-03-23 21:42 - 00000000 ____D C:\Users\jim\AppData\Local\Autodesk 2016-08-21 11:46 - 2012-03-23 20:48 - 00000000 ____D C:\Program Files\Autodesk 2016-08-21 02:00 - 2014-08-18 02:00 - 00000000 ____D C:\Users\jim\AppData\Local\Adobe 2016-08-20 11:23 - 2014-01-30 08:53 - 00000000 ____D C:\Users\jim\Downloads\randomDump 2016-08-20 10:58 - 2014-07-28 07:47 - 00000000 ____D C:\Users\jim\Downloads\ToBeSorted 2016-08-20 10:57 - 2013-12-01 07:37 - 00000000 ____D C:\Users\jim\Downloads\mcCracken 2016-08-20 10:50 - 2013-11-04 07:53 - 00000000 ____D C:\Users\jim\Downloads\batarang 2016-08-18 08:41 - 2014-01-11 13:50 - 00001714 _____ C:\Windows\Sandboxie.ini 2016-08-16 19:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-08-16 19:02 - 2016-07-18 19:41 - 00387328 _____ C:\Windows\ntbtlog.txt 2016-08-16 08:18 - 2012-03-19 22:10 - 00000000 ____D C:\Users\jim 2016-08-16 08:08 - 2012-05-19 17:51 - 00000000 ____D C:\Windows\Minidump 2016-08-16 08:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration 2016-08-14 13:34 - 2015-10-03 08:32 - 00000000 ____D C:\Users\jim\Downloads\topstone Masks 2016-08-14 13:33 - 2014-04-26 07:48 - 00000000 ____D C:\Users\jim\Downloads\londonWaxMuseum 2016-08-14 13:33 - 2014-03-29 10:09 - 00000000 ____D C:\Users\jim\Downloads\dickSmith 2016-08-12 07:28 - 2015-12-30 09:01 - 00000000 ____D C:\Users\jim\Downloads\MajorMudd 2016-08-11 08:55 - 2009-07-13 22:08 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-08-04 02:39 - 2016-06-12 16:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-07-26 07:31 - 2014-02-09 08:35 - 00000000 ____D C:\Users\jim\Downloads\Cabrera 2016-07-24 17:54 - 2014-04-09 20:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-07-24 17:36 - 2014-03-09 09:46 - 00000000 ____D C:\Users\jim\Downloads\pierce 2016-07-24 10:47 - 2013-12-08 11:16 - 00000000 ____D C:\Users\jim\Downloads\kennemore 2016-07-24 01:00 - 2016-06-11 16:21 - 00000000 ____D C:\Users\jim\AppData\Local\ElevatedDiagnostics 2016-07-23 11:12 - 2013-11-24 11:38 - 00000000 ____D C:\Users\jim\Downloads\puppetWorkshop 2016-07-23 11:07 - 2014-06-07 07:18 - 00000000 ____D C:\Users\jim\Downloads\Munsters 2016-07-23 11:06 - 2014-04-01 08:39 - 00000000 ____D C:\Users\jim\Downloads\Makeup 2016-07-23 11:06 - 2014-02-09 08:36 - 00000000 ____D C:\Users\jim\Downloads\Baker 2016-07-23 11:06 - 2013-08-09 07:10 - 00000000 ____D C:\Users\jim\Downloads\colan 2016-07-23 11:05 - 2013-06-27 06:11 - 00000000 ____D C:\Users\jim\Downloads\gremlins2 2016-07-23 11:04 - 2013-08-24 13:19 - 00000000 ____D C:\Users\jim\Downloads\Ditko ==================== Files in the root of some directories ======= 2013-01-07 21:15 - 2013-01-07 21:17 - 55565637 _____ () C:\Users\jim\AppData\Local\AdobeSetupUtility.zip.aamdownload 2013-01-07 21:15 - 2013-01-07 21:17 - 0000830 _____ () C:\Users\jim\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd 2014-01-11 07:49 - 2016-06-28 08:01 - 0007613 _____ () C:\Users\jim\AppData\Local\Resmon.ResmonCfg 2012-03-19 23:23 - 2013-01-09 21:04 - 0193152 _____ () C:\Users\jim\AppData\Local\Schedule8.dat 2012-03-23 22:10 - 2016-07-18 19:49 - 0010567 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\jim\AppData\Local\Temp\ACLMInstaller.exe C:\Users\jim\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\jim\AppData\Local\Temp\InstHelper.exe C:\Users\jim\AppData\Local\Temp\libeay32.dll C:\Users\jim\AppData\Local\Temp\msvcr120.dll C:\Users\jim\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-16 20:06 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01 Ran by jim (21-08-2016 13:26:43) Running from C:\Users\jim\Desktop Windows 7 Professional Service Pack 1 (X64) (2012-03-20 05:10:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1586447121-1290467794-2333047351-500 - Administrator - Disabled) Guest (S-1-5-21-1586447121-1290467794-2333047351-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1586447121-1290467794-2333047351-1002 - Limited - Enabled) jim (S-1-5-21-1586447121-1290467794-2333047351-1000 - Administrator - Enabled) => C:\Users\jim ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 9.0.386.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 9.0.386.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.39 - Dell Inc.) Dell Support Center (Version: 3.1.5907.39 - PC-Doctor, Inc.) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden ESET NOD32 Antivirus (HKLM\...\{EABF244B-9702-4B37-AA3F-F5CFF9572546}) (Version: 9.0.386.0 - ESET, spol. s r.o.) GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider) Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden i-Sound Recorder Pro 7.1.6.0 (HKLM-x32\...\i-Sound Recorder for Windows 7_is1) (Version: 7.1.6.0 - AbyssMedia.com) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden MacDrive 9 Pro (HKLM\...\{C8D349EC-FFAF-486E-B1B1-F560BFC08789}) (Version: 9.0.3.35 - Mediafour Corporation) MacDrive 9 Standard (HKLM\...\{53695BCA-8379-4FF7-B13E-193A082FC7DE}) (Version: 9.0.3.35 - Mediafour Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation) NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Replay AV 8 (HKLM-x32\...\Replay_AV_807) (Version: 8.83B - Applian Technologies Inc.) Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.10 - Applian Technologies Inc.) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Wondershare Streaming Audio Recorder(Build 2.0.3.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.3.3 - Wondershare Software Co.,Ltd.) XM Tuner (HKLM-x32\...\{CB3E24CC-0350-4227-8A49-B2D5B9651D12}) (Version: 0.6.4 - PCFIRE) ZBrush 4R3 (HKLM-x32\...\ZBrush 4R3 4R3) (Version: 4R3 - Pixologic) ZBrush 4R4 (HKLM-x32\...\ZBrush 4R4 4R4) (Version: 4R4 - Pixologic) ZBrush 4R4 Patch 02 (HKLM\...\ZBrush 4R4 4R4) (Version: 4R4 - ) ZBrush 4R5 (HKLM-x32\...\ZBrush 4R5 4R5) (Version: 4R5 - Pixologic) ZBrush 4R6 (HKLM\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1586447121-1290467794-2333047351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jim\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0073FA44-A541-406F-B74F-30640BF96F79} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {015E1475-76BF-4436-97F8-2915B68BA62A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {016900E8-7EE8-4B71-8C53-9E326A8394E1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {0D4E269E-2C19-413D-A3AE-F43A8AB2E2A5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {16CEA10D-4099-4495-A4D3-B7003949318E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {19738565-C319-46BD-B5E9-4F8EBE4C1A31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {1CF22431-1B93-446C-9EBE-989FAF34CBD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {27E82F07-CA2D-4D5C-84D7-B193B3C271C8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {350E91EA-B273-4DC4-9DFA-B56220601963} - System32\Tasks\{66E43304-8B61-468E-A7E6-7E6355855510} => pcalua.exe -a C:\installers\RST_11.6.0.1030_RAID_AHCI_driver_GUI_CLI_2012.10.11\GUI\iata_cd.exe -d C:\installers\RST_11.6.0.1030_RAID_AHCI_driver_GUI_CLI_2012.10.11\GUI Task: {38434DCB-80AD-4761-8833-710C7D386832} - System32\Tasks\AdobeAAMUpdater-1.0-jim-PC-jim => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {3A4ADBEE-9F64-48DC-B3B1-4AEFABB22498} - System32\Tasks\{E878CFF8-F16C-488E-8902-B41689CF6320} => pcalua.exe -a C:\Users\jim\Downloads\MacDrive_Pro_9.0.3.35_en_Setup.exe -d C:\Users\jim\Downloads Task: {478AB668-C6EC-40F6-95CE-3A5F37938034} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {556B1A78-8AF0-44E9-BB6A-9160D219D34F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {55E1841C-2C62-498B-AEED-F6B2A5B66A54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {5ED6F638-5CE3-47A7-A280-ACF34B699DDF} - System32\Tasks\{70510F85-3121-445D-951B-A46BF6703CF5} => pcalua.exe -a C:\installers\sandboxieupdate10_31\SandboxieInstall.exe -d C:\installers\sandboxieupdate10_31 Task: {6D17DF50-7C07-44FA-9FB0-22E31EB30D66} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {7DFCC5C0-B6A9-4342-BB01-1AF92483E627} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {7FE46B02-0FC1-4742-AB7E-C9B996EA894B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {812BE62F-3393-4EE9-A3D8-8C334C6D0CC9} - System32\Tasks\{5D6A3E04-2F89-4179-BF30-5B04BBB35E4C} => pcalua.exe -a "C:\Program Files (x86)\WinZip Self-Extractor\SETUP.EXE" -d "C:\Program Files (x86)\WinZip Self-Extractor" Task: {B1AA7DE6-C157-49E4-A37C-24EED8837774} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {B53E0B12-F0E1-440E-B69B-DB0EAEA0550D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {C8C01EC2-15AC-45CD-ACFF-93C9B22CF680} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {CDF8D78C-32DB-40CA-8A12-4EAF650BF51C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-05-22] (PC-Doctor, Inc.) Task: {EF8F4211-1024-4AD4-BDBD-7690C1EF0F3C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {F07CE96A-1ED8-4704-9FA6-62A53E83CCFE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {F2F616B4-A747-4775-BF00-472B2B2EF553} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd) Task: {F9B023A6-A2F4-4455-9140-6BA9C3E6E86B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {FECDDC4C-E8FC-4A1F-8EEE-BB8692A128B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-05-23 21:11 - 2015-01-30 17:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-03-22 21:34 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2012-05-23 21:11 - 2012-11-06 02:34 - 00380776 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\akamaihd.net -> hxxps://fbstatic-a.akamaihd.net ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 19-08-2016 20:01:09 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: SONY CD-RW CRX217E ATA Device Description: CD-ROM Drive Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard CD-ROM drives) Service: cdrom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/21/2016 12:47:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2016 07:09:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2016 08:40:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/17/2016 08:39:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/17/2016 08:46:11 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Users\jim\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Windows Explorer because of this error. Program: Windows Explorer File: C:\Users\jim\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (08/17/2016 08:46:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: thumbcache.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9d0 Exception code: 0xc0000006 Fault offset: 0x000000000000732d Faulting process id: 0xaac Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (08/16/2016 07:38:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/16/2016 07:31:14 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/16/2016 07:31:14 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=3800}. The service will attempt to automatically correct this problem by rebuilding the index. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/16/2016 07:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/21/2016 12:50:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (08/21/2016 12:50:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Defender service to connect. Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. Error: (08/19/2016 08:42:32 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY) Description: The event logging service encountered an error (res=1117) while initializing logging resources for channel Microsoft-Windows-DriverFrameworks-UserMode/Operational. Error: (08/19/2016 08:42:04 AM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (08/19/2016 08:40:23 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort3. ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz Percentage of memory in use: 36% Total physical RAM: 8189.65 MB Available physical RAM: 5216.19 MB Total Virtual: 16377.51 MB Available Virtual: 13776.61 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:1582.97 GB) NTFS Drive f: (Elements) (Fixed) (Total:3725.99 GB) (Free:3158.18 GB) NTFS Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:562.1 GB) NTFS Drive i: (My Book) (Fixed) (Total:4657.49 GB) (Free:3133.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 68F5F1FA) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 881DDD29) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3. ==================== End of Addition.txt ============================
  9. Thanks Ron!
  10. The computer seems to be running and no sign of infection. Here's the MBAM log Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.01.05 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16736 Frances :: FRANCES_IDEAPC [administrator] Protection: Enabled 1/3/2014 5:27:00 AM mbam-log-2014-01-03 (05-27-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238675 Time elapsed: 2 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. ok TFC is done and computer restarted. I noticed the 2 Event logs are the same time, so it's not new. I did get a message that errors were repaired.
  12. it said it was repairing while restarting,.....i did the scan again,and no errors were found,. Log Name: Application Source: Chkdsk Date: 1/2/2014 7:11:54 PM Event ID: 26226 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Frances_ideaPC Description: Chkdsk was executed in scan mode on a volume snapshot. Checking file system on C: Volume label is Windows8_OS. Stage 1: Examining basic file system structure ... Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b6146 for possibly 0x9 clusters. Found corrupt basic file structure for "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b0c25 for possibly 0x7 clusters. Found corrupt basic file structure for "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b3b52 for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b3b55 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b3b56 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b603d for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b6040 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b6041 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" ... repaired online. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x3e2d73 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a60 for possibly 0x2 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b0a62 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\Friends\7683328B-00000013.eml <0x2,0x2145e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5a904a for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5a904b for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5a904c for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Sent Items\2BB76388-000003EB.eml <0x2,0x22979>" ... repaired online. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x3e38d3 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\Storage Folders\extra_Inbox\74C20B08-000007E4.eml <0x1,0x236c0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38f6 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3921 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ef48b8517e741b8c28758e3313312af1_31bf3856ad364e35_6.2.9200.16518_none_1ad161d7c99fc04e.manifest <0x1,0x26884>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3f4f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b00 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b01 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e8c60 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eb84e for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e44748afbd33c9bb2c42b0a4f851391b_31bf3856ad364e35_6.2.9200.16518_none_86ee605ce834efbb.manifest <0x1,0x26892>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eba18 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ed4ce for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e02409ea3c23f5f668529cc71434d014_31bf3856ad364e35_6.2.9200.16518_none_9984b545f0ab9f9d.manifest <0x1,0x26898>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eee1f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_da69e96072b869fc679deba5b9376e60_31bf3856ad364e35_6.2.9200.20623_none_fc835d898789ab9d.manifest <0x1,0x2689c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3f5ba9 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5ae66f for possibly 0x7 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" ... repaired online. Attribute record of type 0x80 and instance tag 0x1 is cross linked starting at 0x5b6bf4 for possibly 0x29 clusters. Found corrupt basic file structure for "\Users\Frances\Pictures\6-16-12Lorez\6_16_12_lo0296.jpg <0x1,0x27066>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38d5 for possibly 0x3 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQAKMDJN\cceimg[4].jpg <0xb,0x2b0c9>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b340a for possibly 0x8 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a5e for possibly 0x3 clusters. Found corrupt basic file structure for "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" ... repaired online. File "\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShareTarget <0x1,0xd7b>" and file "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" both own logical cluster 0x3e8c60 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.2.9200.20708_none_10fb8401478972d5\ImagingProvider.dll <0x2,0x9fe7>" and file "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" both own logical cluster 0x5ae673 ... queued for offline repair. File "\Windows\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.2.9200.16384_none_fd9c01be8b864efc\Amd64\CNB_0411.GPD <0x1,0xa69b>" and file "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" both own logical cluster 0x3eba18 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical clusters [0x5b603d, 0x5b6040) ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6040 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6041 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\MSFT_NetTransportFilter.cdxml <0x1,0xbc66>" and file "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" both own logical cluster 0x3e3f4f ... queued for offline repair. File "\Windows\WinSxS\wow64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.2.9200.20604_none_75e18480535c1e28\MSFT_NCSIPolicyConfiguration.cdxml <0x1,0xbc7f>" and file "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" both own logical cluster 0x3e38f6 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\PS_ScheduledTask_v1.0.cdxml <0x1,0xbd4f>" and file "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" both own logical clusters [0x5b6146, 0x5b614b) ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" both own logical cluster 0x3e4b00 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" both own logical cluster 0x3e4b01 ... queued for offline repair. File "\Windows\SysWOW64\mgmtapi.dll <0x1,0xc3ba>" and file "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" both own logical clusters [0x5b0c25, 0x5b0c2a) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical clusters [0x5b3b52, 0x5b3b55) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b55 ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b56 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-msi-adm_31bf3856ad364e35_6.2.9200.16384_none_7023bcf8d6bd8adb\MSI.admx <0x1,0xcf1c>" and file "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" both own logical clusters [0x5b340a, 0x5b340f) ... queued for offline repair. File "\Windows\WinSxS\Backup\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.2.9200.16384_none_72f8506d23781755.manifest <0x1,0xd861>" and file "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" both own logical clusters [0x5b0a5e, 0x5b0a60) ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-iis-cgi_31bf3856ad364e35_6.2.9200.16384_none_af71cc30ec8918b0.manifest <0x1,0xefdb>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" both own logical cluster 0x3e2d73 ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_33a9d980041d69d0.manifest <0x1,0xf31d>" and file "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" both own logical cluster 0x3f5ba9 ... queued for offline repair. File "\Windows\WinSxS\Manifests\msil_windowsformsintegration.resources_31bf3856ad364e35_4.0.9200.16384_en-us_8f6500d354eab5af.manifest <0x1,0x10a51>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Chkdsk" /> <EventID Qualifiers="0">26226</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-01-03T03:11:54.000000000Z" /> <EventRecordID>8483</EventRecordID> <Channel>Application</Channel> <Computer>Frances_ideaPC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: Volume label is Windows8_OS. Stage 1: Examining basic file system structure ... Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b6146 for possibly 0x9 clusters. Found corrupt basic file structure for "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b0c25 for possibly 0x7 clusters. Found corrupt basic file structure for "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b3b52 for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b3b55 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b3b56 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b603d for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b6040 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b6041 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" ... repaired online. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x3e2d73 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a60 for possibly 0x2 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b0a62 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\Friends\7683328B-00000013.eml <0x2,0x2145e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5a904a for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5a904b for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5a904c for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Sent Items\2BB76388-000003EB.eml <0x2,0x22979>" ... repaired online. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x3e38d3 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\Storage Folders\extra_Inbox\74C20B08-000007E4.eml <0x1,0x236c0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38f6 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3921 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ef48b8517e741b8c28758e3313312af1_31bf3856ad364e35_6.2.9200.16518_none_1ad161d7c99fc04e.manifest <0x1,0x26884>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3f4f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b00 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b01 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e8c60 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eb84e for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e44748afbd33c9bb2c42b0a4f851391b_31bf3856ad364e35_6.2.9200.16518_none_86ee605ce834efbb.manifest <0x1,0x26892>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eba18 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ed4ce for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e02409ea3c23f5f668529cc71434d014_31bf3856ad364e35_6.2.9200.16518_none_9984b545f0ab9f9d.manifest <0x1,0x26898>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eee1f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_da69e96072b869fc679deba5b9376e60_31bf3856ad364e35_6.2.9200.20623_none_fc835d898789ab9d.manifest <0x1,0x2689c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3f5ba9 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5ae66f for possibly 0x7 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" ... repaired online. Attribute record of type 0x80 and instance tag 0x1 is cross linked starting at 0x5b6bf4 for possibly 0x29 clusters. Found corrupt basic file structure for "\Users\Frances\Pictures\6-16-12Lorez\6_16_12_lo0296.jpg <0x1,0x27066>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38d5 for possibly 0x3 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQAKMDJN\cceimg[4].jpg <0xb,0x2b0c9>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b340a for possibly 0x8 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a5e for possibly 0x3 clusters. Found corrupt basic file structure for "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" ... repaired online. File "\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShareTarget <0x1,0xd7b>" and file "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" both own logical cluster 0x3e8c60 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.2.9200.20708_none_10fb8401478972d5\ImagingProvider.dll <0x2,0x9fe7>" and file "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" both own logical cluster 0x5ae673 ... queued for offline repair. File "\Windows\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.2.9200.16384_none_fd9c01be8b864efc\Amd64\CNB_0411.GPD <0x1,0xa69b>" and file "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" both own logical cluster 0x3eba18 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical clusters [0x5b603d, 0x5b6040) ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6040 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6041 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\MSFT_NetTransportFilter.cdxml <0x1,0xbc66>" and file "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" both own logical cluster 0x3e3f4f ... queued for offline repair. File "\Windows\WinSxS\wow64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.2.9200.20604_none_75e18480535c1e28\MSFT_NCSIPolicyConfiguration.cdxml <0x1,0xbc7f>" and file "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" both own logical cluster 0x3e38f6 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\PS_ScheduledTask_v1.0.cdxml <0x1,0xbd4f>" and file "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" both own logical clusters [0x5b6146, 0x5b614b) ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" both own logical cluster 0x3e4b00 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" both own logical cluster 0x3e4b01 ... queued for offline repair. File "\Windows\SysWOW64\mgmtapi.dll <0x1,0xc3ba>" and file "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" both own logical clusters [0x5b0c25, 0x5b0c2a) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical clusters [0x5b3b52, 0x5b3b55) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b55 ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b56 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-msi-adm_31bf3856ad364e35_6.2.9200.16384_none_7023bcf8d6bd8adb\MSI.admx <0x1,0xcf1c>" and file "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" both own logical clusters [0x5b340a, 0x5b340f) ... queued for offline repair. File "\Windows\WinSxS\Backup\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.2.9200.16384_none_72f8506d23781755.manifest <0x1,0xd861>" and file "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" both own logical clusters [0x5b0a5e, 0x5b0a60) ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-iis-cgi_31bf3856ad364e35_6.2.9200.16384_none_af71cc30ec8918b0.manifest <0x1,0xefdb>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" both own logical cluster 0x3e2d73 ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_33a9d980041d69d0.manifest <0x1,0xf31d>" and file "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" both own logical cluster 0x3f5ba9 ... queued for offline repair. File "\Windows\WinSxS\Manifests\msil_windowsformsintegration.resources_31bf3856ad364e35_4.0.9200.16384_en-us_8f6500d354eab5af.manifest <0x1,0x10a51>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli </Data> <Binary>002C04001D8603006CBE050000000000A62600003B0000000000000000000000</Binary> </EventData> </Event>
  13. it said to restart to fix it? I see many errors related to importing old email meesages Log Name: Application Source: Chkdsk Date: 1/2/2014 7:11:54 PM Event ID: 26226 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Frances_ideaPC Description: Chkdsk was executed in scan mode on a volume snapshot. Checking file system on C: Volume label is Windows8_OS. Stage 1: Examining basic file system structure ... Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b6146 for possibly 0x9 clusters. Found corrupt basic file structure for "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b0c25 for possibly 0x7 clusters. Found corrupt basic file structure for "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b3b52 for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b3b55 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b3b56 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b603d for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b6040 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b6041 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" ... repaired online. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x3e2d73 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a60 for possibly 0x2 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b0a62 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\Friends\7683328B-00000013.eml <0x2,0x2145e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5a904a for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5a904b for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5a904c for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Sent Items\2BB76388-000003EB.eml <0x2,0x22979>" ... repaired online. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x3e38d3 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\Storage Folders\extra_Inbox\74C20B08-000007E4.eml <0x1,0x236c0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38f6 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3921 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ef48b8517e741b8c28758e3313312af1_31bf3856ad364e35_6.2.9200.16518_none_1ad161d7c99fc04e.manifest <0x1,0x26884>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3f4f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b00 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b01 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e8c60 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eb84e for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e44748afbd33c9bb2c42b0a4f851391b_31bf3856ad364e35_6.2.9200.16518_none_86ee605ce834efbb.manifest <0x1,0x26892>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eba18 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ed4ce for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e02409ea3c23f5f668529cc71434d014_31bf3856ad364e35_6.2.9200.16518_none_9984b545f0ab9f9d.manifest <0x1,0x26898>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eee1f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_da69e96072b869fc679deba5b9376e60_31bf3856ad364e35_6.2.9200.20623_none_fc835d898789ab9d.manifest <0x1,0x2689c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3f5ba9 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5ae66f for possibly 0x7 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" ... repaired online. Attribute record of type 0x80 and instance tag 0x1 is cross linked starting at 0x5b6bf4 for possibly 0x29 clusters. Found corrupt basic file structure for "\Users\Frances\Pictures\6-16-12Lorez\6_16_12_lo0296.jpg <0x1,0x27066>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38d5 for possibly 0x3 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQAKMDJN\cceimg[4].jpg <0xb,0x2b0c9>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b340a for possibly 0x8 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a5e for possibly 0x3 clusters. Found corrupt basic file structure for "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" ... repaired online. File "\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShareTarget <0x1,0xd7b>" and file "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" both own logical cluster 0x3e8c60 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.2.9200.20708_none_10fb8401478972d5\ImagingProvider.dll <0x2,0x9fe7>" and file "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" both own logical cluster 0x5ae673 ... queued for offline repair. File "\Windows\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.2.9200.16384_none_fd9c01be8b864efc\Amd64\CNB_0411.GPD <0x1,0xa69b>" and file "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" both own logical cluster 0x3eba18 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical clusters [0x5b603d, 0x5b6040) ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6040 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6041 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\MSFT_NetTransportFilter.cdxml <0x1,0xbc66>" and file "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" both own logical cluster 0x3e3f4f ... queued for offline repair. File "\Windows\WinSxS\wow64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.2.9200.20604_none_75e18480535c1e28\MSFT_NCSIPolicyConfiguration.cdxml <0x1,0xbc7f>" and file "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" both own logical cluster 0x3e38f6 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\PS_ScheduledTask_v1.0.cdxml <0x1,0xbd4f>" and file "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" both own logical clusters [0x5b6146, 0x5b614b) ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" both own logical cluster 0x3e4b00 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" both own logical cluster 0x3e4b01 ... queued for offline repair. File "\Windows\SysWOW64\mgmtapi.dll <0x1,0xc3ba>" and file "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" both own logical clusters [0x5b0c25, 0x5b0c2a) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical clusters [0x5b3b52, 0x5b3b55) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b55 ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b56 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-msi-adm_31bf3856ad364e35_6.2.9200.16384_none_7023bcf8d6bd8adb\MSI.admx <0x1,0xcf1c>" and file "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" both own logical clusters [0x5b340a, 0x5b340f) ... queued for offline repair. File "\Windows\WinSxS\Backup\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.2.9200.16384_none_72f8506d23781755.manifest <0x1,0xd861>" and file "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" both own logical clusters [0x5b0a5e, 0x5b0a60) ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-iis-cgi_31bf3856ad364e35_6.2.9200.16384_none_af71cc30ec8918b0.manifest <0x1,0xefdb>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" both own logical cluster 0x3e2d73 ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_33a9d980041d69d0.manifest <0x1,0xf31d>" and file "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" both own logical cluster 0x3f5ba9 ... queued for offline repair. File "\Windows\WinSxS\Manifests\msil_windowsformsintegration.resources_31bf3856ad364e35_4.0.9200.16384_en-us_8f6500d354eab5af.manifest <0x1,0x10a51>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Chkdsk" /> <EventID Qualifiers="0">26226</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-01-03T03:11:54.000000000Z" /> <EventRecordID>8483</EventRecordID> <Channel>Application</Channel> <Computer>Frances_ideaPC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: Volume label is Windows8_OS. Stage 1: Examining basic file system structure ... Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b6146 for possibly 0x9 clusters. Found corrupt basic file structure for "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b0c25 for possibly 0x7 clusters. Found corrupt basic file structure for "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b3b52 for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b3b55 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b3b56 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b603d for possibly 0x3 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b6040 for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5b6041 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" ... repaired online. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x3e2d73 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a60 for possibly 0x2 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5b0a62 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\Friends\7683328B-00000013.eml <0x2,0x2145e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5a904a for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x8 is cross linked starting at 0x5a904b for possibly 0x1 clusters. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x5a904c for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Sent Items\2BB76388-000003EB.eml <0x2,0x22979>" ... repaired online. Attribute record of type 0x80 and instance tag 0x6 is cross linked starting at 0x3e38d3 for possibly 0x1 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\Storage Folders\extra_Inbox\74C20B08-000007E4.eml <0x1,0x236c0>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38f6 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3921 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ef48b8517e741b8c28758e3313312af1_31bf3856ad364e35_6.2.9200.16518_none_1ad161d7c99fc04e.manifest <0x1,0x26884>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e3f4f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b00 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e4b01 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e8c60 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eb84e for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e44748afbd33c9bb2c42b0a4f851391b_31bf3856ad364e35_6.2.9200.16518_none_86ee605ce834efbb.manifest <0x1,0x26892>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eba18 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3ed4ce for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_e02409ea3c23f5f668529cc71434d014_31bf3856ad364e35_6.2.9200.16518_none_9984b545f0ab9f9d.manifest <0x1,0x26898>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3eee1f for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_da69e96072b869fc679deba5b9376e60_31bf3856ad364e35_6.2.9200.20623_none_fc835d898789ab9d.manifest <0x1,0x2689c>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3f5ba9 for possibly 0x1 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5ae66f for possibly 0x7 clusters. Found corrupt basic file structure for "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" ... repaired online. Attribute record of type 0x80 and instance tag 0x1 is cross linked starting at 0x5b6bf4 for possibly 0x29 clusters. Found corrupt basic file structure for "\Users\Frances\Pictures\6-16-12Lorez\6_16_12_lo0296.jpg <0x1,0x27066>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x3e38d5 for possibly 0x3 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQAKMDJN\cceimg[4].jpg <0xb,0x2b0c9>" ... repaired online. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x5b340a for possibly 0x8 clusters. Found corrupt basic file structure for "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" ... repaired online. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x5b0a5e for possibly 0x3 clusters. Found corrupt basic file structure for "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" ... repaired online. File "\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShareTarget <0x1,0xd7b>" and file "\Windows\WinSxS\Manifests\amd64_e7b4e200001bf524e73f14861b7fc774_31bf3856ad364e35_6.2.9200.16518_none_fee84dda9aec415b.manifest <0x1,0x26890>" both own logical cluster 0x3e8c60 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.2.9200.20708_none_10fb8401478972d5\ImagingProvider.dll <0x2,0x9fe7>" and file "\Windows\WinSxS\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_10.0.9200.16519_none_ff1b8f8d78e002c4.manifest <0x1,0x26b96>" both own logical cluster 0x5ae673 ... queued for offline repair. File "\Windows\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.2.9200.16384_none_fd9c01be8b864efc\Amd64\CNB_0411.GPD <0x1,0xa69b>" and file "\Windows\WinSxS\Manifests\amd64_e3a503a8fb1660dde087d5a50145276f_31bf3856ad364e35_6.2.9200.16518_none_23a9120374747964.manifest <0x1,0x26894>" both own logical cluster 0x3eba18 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical clusters [0x5b603d, 0x5b6040) ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6040 ... queued for offline repair. File "\Windows\WinSxS\Temp\InFlight\b7422cfdb6e3ce01c7010000640ce80c\amd64_adobe-flash-for-windows_31bf3856ad364e35_6.2.9200.20547_none_85216aaa0c4e42f2\FlashUtil_ActiveX.dll <0x3,0xb5d4>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\6B4A6230-0000030F.eml <0x2,0x20820>" both own logical cluster 0x5b6041 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\MSFT_NetTransportFilter.cdxml <0x1,0xbc66>" and file "\Windows\WinSxS\Manifests\amd64_ed1e807ad656acec1060a7eb2212c730_31bf3856ad364e35_6.2.9200.20623_none_6d9b4638dc0e9b53.manifest <0x1,0x26888>" both own logical cluster 0x3e3f4f ... queued for offline repair. File "\Windows\WinSxS\wow64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.2.9200.20604_none_75e18480535c1e28\MSFT_NCSIPolicyConfiguration.cdxml <0x1,0xbc7f>" and file "\Windows\WinSxS\Manifests\amd64_effdc725689c19f4c6e09329d05f3734_31bf3856ad364e35_6.2.9200.20623_none_a74a4e12d7d17bca.manifest <0x1,0x26882>" both own logical cluster 0x3e38f6 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\PS_ScheduledTask_v1.0.cdxml <0x1,0xbd4f>" and file "\Windows\WinSxS\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.0.9200.20644_none_588560f5eaeff115\iernonce.dll <0x12,0x1ae86>" both own logical clusters [0x5b6146, 0x5b614b) ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e9d90ded7071aa4a7c3b38d2610be1bb_31bf3856ad364e35_6.2.9200.20623_none_5d6701ee06ea4550.manifest <0x1,0x2688c>" both own logical cluster 0x3e4b00 ... queued for offline repair. File "\Windows\System32\WindowsPowerShell\v1.0\Modules\Storage\InitiatorId.cdxml <0x1,0xbd6c>" and file "\Windows\WinSxS\Manifests\amd64_e8c9f884b6437e5c9bd826ae4b09f487_31bf3856ad364e35_6.2.9200.16518_none_930de27a921b41d4.manifest <0x1,0x2688e>" both own logical cluster 0x3e4b01 ... queued for offline repair. File "\Windows\SysWOW64\mgmtapi.dll <0x1,0xc3ba>" and file "\Program Files (x86)\Cyberlink\Shared files\language\ita\EffectExtractor.dll <0x2,0x1deb0>" both own logical clusters [0x5b0c25, 0x5b0c2a) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical clusters [0x5b3b52, 0x5b3b55) ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b55 ... queued for offline repair. File "\Windows\SysWOW64\unimdmat.dll <0x1,0xc744>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\2B235514-000002AA.eml <0x2,0x207b6>" both own logical cluster 0x5b3b56 ... queued for offline repair. File "\Windows\WinSxS\amd64_microsoft-windows-msi-adm_31bf3856ad364e35_6.2.9200.16384_none_7023bcf8d6bd8adb\MSI.admx <0x1,0xcf1c>" and file "\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF1VW6SI\wbk8152.tmp <0x4,0x31faa>" both own logical clusters [0x5b340a, 0x5b340f) ... queued for offline repair. File "\Windows\WinSxS\Backup\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.2.9200.16384_none_72f8506d23781755.manifest <0x1,0xd861>" and file "\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe\Components\Music\PurchaseActions.js <0x9,0x3c101>" both own logical clusters [0x5b0a5e, 0x5b0a60) ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-iis-cgi_31bf3856ad364e35_6.2.9200.16384_none_af71cc30ec8918b0.manifest <0x1,0xefdb>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli 79c\Inbox\68FD6EEF-000004B7.eml <0x2,0x20e5c>" both own logical cluster 0x3e2d73 ... queued for offline repair. File "\Windows\WinSxS\Manifests\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_33a9d980041d69d0.manifest <0x1,0xf31d>" and file "\Windows\WinSxS\Manifests\amd64_d7e65a53655b53ccbc72ed4f689749cf_31bf3856ad364e35_6.2.9200.16518_none_5cf912a689f2521a.manifest <0x1,0x2689e>" both own logical cluster 0x3f5ba9 ... queued for offline repair. File "\Windows\WinSxS\Manifests\msil_windowsformsintegration.resources_31bf3856ad364e35_4.0.9200.16384_en-us_8f6500d354eab5af.manifest <0x1,0x10a51>" and file "\Users\Frances\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Imported Folder (1)\Storage Folders\Imported Folder\pop.earthli </Data> <Binary>002C04001D8603006CBE050000000000A62600003B0000000000000000000000</Binary> </EventData> </Event>
  14. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01 Ran by Frances at 2014-01-02 06:08:24 Run:1 Running from C:\Users\Frances\Desktop\rootkit Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 0243831364389521mcinstcleanup; C:\windows\TEMP\024383~1.EXE [832664 2012-09-28] (McAfee, Inc.) ***************** 0243831364389521mcinstcleanup => Service deleted successfully. ==== End of Fixlog ====
  15. The post was too long, so I attached them all, the ESET online didn't find anything, Thanks!!!!! JRT.txt Addition.txt FRST.txt mbam-log-2014-01-01 (18-19-17).txt mbar-log-2014-01-01 (17-38-00).txt system-log.txt AdwCleanerS0.txt